<?php

/*
 *  This file is part of Urd.
 *
 *  Urd is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *  Urd is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program. See the file "COPYING". If it does not 
 *  exist, see <http://www.gnu.org/licenses/>.
 * 
 * $LastChangedDate: 2008-07-09 20:09:07 +0200 (Wed, 09 Jul 2008) $
 * $Rev: 1278 $
 * $Author: gavinspearhead $
 * $Id: admin_buttons.php 1278 2008-07-09 18:09:07Z gavinspearhead $
 */


define('ORIGINAL_PAGE', $_SERVER['PHP_SELF']);

$pathaeb = realpath(dirname(__FILE__));

require_once "$pathaeb/../functions/html_includes.php";

if (!$isadmin)
	fatal_error($LN['error_noadmin']);

class buttons_c {
	public $name;
	public $url;
	public $img;
	public $id;

	function __construct ($id=0, $n='', $u='', $i='')
	{
		assert(is_numeric($id));
		$this->id = $id;
		$this->name = $n;
		$this->url = $u;
		$this->img = $i;
	}
}


$cmd = get_request('cmd');
$id = get_request('id');

$db->escape($cmd);
$db->escape($id);

switch (strtolower($cmd)) {
case 'delete_button':
	verify_challenge_text($_POST['challenge']);
	if (is_numeric($id)) {
		delete_button($db, $id);
	} else
		die_html($LN['buttons_buttonnotfound']);
	break;
case 'edit':
	if (is_numeric($id)) {
		$sql = " * FROM searchbuttons WHERE \"id\" = $id ORDER BY \"name\" ASC";
		$res = $db->select_query($sql, 1);
		if (!is_array($res))
			$res = array();
		$row = $res[0];
		$name = $row['name'];
		$image_url = $row['image_url'];
		$search_url = $row['search_url'];
		$id = $row['id'];
		$button = new buttons_c($id, $name, $search_url, $image_url);
	} else if ($id == 'new') {
		$button = new buttons_c(0, '', '', '');

	} else
		die_html($LN['buttons_buttonnotfound']);
	$challenge = set_challenge();
	$smarty->assign('id',	$id);
	$smarty->assign('text_box_size', TEXT_BOX_SIZE);
	$smarty->assign('number_box_size', NUMBER_BOX_SIZE);
	$smarty->assign('challenge',	$challenge);
	$smarty->assign('button',	$button);
	$smarty->display('ajax_edit_buttons.tpl');
	die;

	break;
case 'show_buttons':
	$sql = 'SELECT * FROM searchbuttons WHERE "id" > 0 ORDER BY "name" ASC';
	$res = $db->execute_query($sql);
	if (!is_array($res))
		$res = array();
    $cnt = 0;
    $buttons = array();
	foreach ($res as $row) {
		$name = $row['name'];
		$image_url = $row['image_url'];
		$search_url = $row['search_url'];
		$id = $row['id'];
		$buttons[] = new buttons_c($id, $name, $search_url, $image_url);
	}
	$challenge = set_challenge();
	$smarty->assign('maxstrlen',		$prefs['maxsetname']);
	$smarty->assign('buttons',	$buttons);
	$smarty->assign('challenge',	$challenge);
	$smarty->assign('id',	$id);
	$smarty->display('ajax_show_buttons.tpl');
	die;
	break;
case 'update_button':
	if (is_numeric($id)) {
		verify_challenge_text($_POST['challenge']);
		if (isset($_POST['name']) && trim($_POST['name']) != '') 
			$name = trim($_POST['name']);
		else
			die_html($LN['buttons_invalidname']);
		if (isset($_POST['image_url']) && $_POST['image_url'] != '') 
			$image_url = $_POST['image_url'];
		else
			die_html($LN['buttons_invalidimg']);
		if (isset($_POST['search_url']) && $_POST['search_url'] != '') 
			$search_url = $_POST['search_url'];
		else
			die_html($LN['buttons_invalidurl']);
		if (isset($_POST['id']) && $_POST['id'] != '') 
			$id = $_POST['id'];
		else
			die_html($LN['buttons_invalidurl']);
		$query = "SELECT \"id\" FROM searchbuttons WHERE \"id\"='$id'";
		$res = $db->execute_query($query);
		if ($res !== FALSE) {
			update_button($db, $name, $image_url, $search_url, $id);
		} else 
			die_html($LN['buttons_buttonexists']);
	} else if ($id == 'new') {
		verify_challenge_text($_POST['challenge']);

		if (isset($_POST['name']) && trim($_POST['name']) != '') 
			$name = trim($_POST['name']);
		else
			die_html($LN['buttons_invalidname']);
		if (isset($_POST['image_url']) && $_POST['image_url'] != '') 
			$image_url = $_POST['image_url'];
		else
			die_html($LN['buttons_invalidimg']);
		if (isset($_POST['search_url']) && $_POST['search_url'] != '') 
			$search_url = $_POST['search_url'];
		else
			die_html($LN['buttons_invalidurl']);
		$db->escape($name);
		$query = "SELECT \"id\" FROM searchbuttons WHERE \"name\"='$name'";
		$res = $db->execute_query($query);
		if ($res === FALSE) {
			add_button($db, $name, $image_url, $search_url);
		} else 
			die_html($LN['buttons_buttonexists']);
	} else
		die_html($LN['buttons_buttonnotfound']);
	break;
	
default:
	die_html ("O-oh - Unknown command $cmd");
	break;
}

echo 'OK';
